Team NLnet Labs - The NLnet Labs Blog (Page 2)

Sign in Subscribe

Team NLnet Labs

Proudly serving the Internet community for over 20 years with open source core infrastructure tools for DNS and BGP

Introducing JDR: explore, inspect and troubleshoot the RPKI

Introducing JDR: explore, inspect and troubleshoot the RPKI

Today we launch the first version of JDR, our hosted tool to check anything in the RPKI. While not yet 100% feature complete, we think it already offers useful insights to operators and implementors, and moreover, we would like their input and ideas for further developments of JDR. In this

SAD DNS and NLnet Labs DNS software

SAD DNS and NLnet Labs DNS software

Update 18 November 2021: we are aware of the follow-up paper published by the researchers. The text below remains accurate for Unbound users. Please note that Unbound 1.13.2 and newer has IPv6 PMTU disabled for UDP. During the ACM CCS conference 2020, held November 9-13, researchers from UC

Why Routinator Doesn’t Fall Back to Rsync

Why Routinator Doesn’t Fall Back to Rsync

When creating software, we carefully weigh each design decision: security, resiliency, usability and many more factors play a role in the end result. This article explores the reasoning behind a behaviour that isn't specified in an RFC but which has significant impact on operators deploying RPKI.

Journeying into XDP Part 1: Augmenting DNS

Journeying into XDP Part 1: Augmenting DNS

How can eXpress Data Path (XDP) augment existing DNS software? We share our experiences of implementing Response Rate Limiting in XDP.

Testing .. 123 Delegated RPKI

Testing .. 123 Delegated RPKI

Validate your delegated RPKI deployment with the new NLnet Labs RPKI test root.

DNS-over-HTTPS in Unbound

DNS-over-HTTPS in Unbound

A major step forward in end user privacy.

Some Country for Old Men

Some Country for Old Men

An Unbound Story of Serving Expired Records.

Journeying into XDP: Part 0

Journeying into XDP: Part 0

Network programming using XDP has been on our radar for a while now. As tooling around this technology has vastly improved, we decided that it was time to finally get our hands dirty and see what this technology is all about.

Krill Gains Powerful ROA Management Based on BGP Routing

Krill Gains Powerful ROA Management Based on BGP Routing

Create and maintain Route Origin Authorisations based on the BGP announcements with your address space.

IPv6 and Rust

How difficult is it to use Rust and its ecosystem to write network applications that support IPv6?

Adapting Radix Trees

Adapting Radix Trees

NLnet Labs continuously strives to push the performance of its products. Over the course of the past year we researched improvements to main-memory databases for our authorative nameserver, NSD.

Tuning NSD for even better performance

Tuning NSD for even better performance

NLnet Labs is pleased to announce version 4.3.0 of NSD. This release contains, among bug fixes, features to tune NSD for even better performance. Most notably, processor affinity.

Evolving Krill

Introducing Krill 0.5.0 ‘Serve no Turf’, which includes a user interface for easy management and many other improvements.

Response Policy Zones in Unbound

Response Policy Zones in Unbound

We are incredibly happy to introduce Unbound 1.10. This release features RPZ, a mechanism that makes it possible to define your local policies in a standardized way, and load your policies from external sources.

On adopting a Code of Conduct for NLnet Labs

On adopting a Code of Conduct for NLnet Labs

At NLnet Labs, we have recently adopted a code of conduct that applies to all our projects and the interactions with our community. In this blog post, we discuss why we did this, how we went about the process and what we learned along the way.

Leaping through RPKI history with Ziggy

Leaping through RPKI history with Ziggy

RPKI, the Resource Public Key Infrastructure, is an important cornerstone in securing the BGP routing system on the Internet. In its…

Measuring the impact of DNS Flag Day

Measuring the impact of DNS Flag Day

DNS Flag Day 2019 stimulated a lot of awareness, and as a result, the Internet got a little better.

Hackathon @ Africa Internet Summit 2019

Hackathon @ Africa Internet Summit 2019

The main objectives of the NLnet Labs foundation are the development of Open Source Software and Open Standards; this combination creates…

Prototyping Unbound extensions in minutes with Python and Docker

Prototyping Unbound extensions in minutes with Python and Docker

How, theoretically, could one lower the barrier to trying out the connection testing feature of the Internet.nl application.

Krill — A New RPKI Certificate Authority

Krill — A New RPKI Certificate Authority

From outer space to the depths of the sea, NLnet Labs knows no boundaries with their Resource Public Key Infrastructure (RPKI) project.

The Ongoing Story of OpenINTEL: Measuring the DNS for Research, Policy and Protocol Improvements

The Ongoing Story of OpenINTEL: Measuring the DNS for Research, Policy and Protocol Improvements

Measuring the DNS for Research, Policy and Protocol Improvements.

Sunrise DNS over TLS, sunset DNSSEC?

Sunrise DNS over TLS, sunset DNSSEC?

Is DNSSEC still needed when you get your DNS over TLS?

Introducing the Routinator 3000

Introducing the Routinator 3000

Lean, blazingly fast RPKI Validation. As it should be.

Building a new home for NLnet Labs

Building a new home for NLnet Labs

Over the last weeks we threw ourselves at creating a brand new website for NLnet Labs, with lots of decisions to make along the way.

Aggressive use of the DNSSEC-Validated cache in Unbound

Aggressive use of the DNSSEC-Validated cache in Unbound

One of the new features in Unbound 1.7.0 is the aggressive use of the DNSSEC-Validated cache, resulting in decreased load on name servers.